Analysis Overview
SHA256
8dd3c6a48f6570242a85d748dc37cc58c2cbb828ae7f9651bcf3064bdf4fd61c
Threat Level: No (potentially) malicious behavior was detected
The file a1cc5968fd719c11b474c088763f061d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:42
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:42
Reported
2024-06-12 18:45
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1cc5968fd719c11b474c088763f061d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcaaf146f8,0x7ffcaaf14708,0x7ffcaaf14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14895021975256704043,10667029524433508010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4548 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4440_HILJOVSIQFWAVUWD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:42
Reported
2024-06-12 18:45
Platform
win7-20240611-en
Max time kernel
117s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424379640" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{927FDEF1-28EB-11EF-B98D-FE0070C7CB2B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000081def21e94646e897ddd1a1bc6dc8f32286e03da409351c1b8bce7a9bfb9da27000000000e8000000002000020000000bba22b47b368ecf91835f27834c364b5ecde7fe29d814a8a116e73cad8b76d6a20000000cf9869aeeae29160c327ff0811783856cd1d0b0e4544b6fd5eca10f46489df6b40000000a7cad56bf709b8ca868d2d643ffefa1f2bebd1224e6b242e9c12f78452b1fcf49a45409aa73f9240311b9bf12b553957e39eb0293da133bb3fada97c03287f3d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0715b6af8bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2224 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2224 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2224 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2224 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1cc5968fd719c11b474c088763f061d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar5BDB.tmp
C:\Users\Admin\AppData\Local\Temp\Cab5BD9.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| SHA256 | ffe3530e27fbe7c1bdc4ce5213ee61f4a0fc918c0c34de76ef75bee43183e5f9 |
| SHA512 | d9a50b552871a678570217a73e055ba5dcb6ba156fa040e0c6beeaf9ae9e48d429b02c42250527b7f3bec6853335444072811e444268b8d0fe0bb9df3ef480b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b55bf3344a5cad14ff95d8eca5b0ad04 |
| SHA1 | 311b8b4341e7f8ce622a8180988ea0343b5d5e0d |
| SHA256 | 0999bb29856e5c4847012e01558bd97d3b44cd5d2d990a22afc1b19f9ece98ce |
| SHA512 | 61f7226d5fa0d2d820940493b5c839a69774e6df6726883056f96143dedc4bad4ba3c792d8dad6e815393ca7fd83d87547e60a8ff24f320c7b4f539a721df0b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9f816ea460b6137878c3a8384447cac |
| SHA1 | 9ad3baedd0555304c4962bb607482a99857b3ce3 |
| SHA256 | f246b99b57ea8ed1f3b039922ac87531480321218c84851de9ecdd6e5b307015 |
| SHA512 | bfc96e92e17d32e71bede7767ac681cf17e9ed633f0a1f5ea7700276cd09ce9da9dc58946e78e72a633dc3bf7147df1fd159eb280452d9bda98b95e03cb0dcb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02ee283f50de12a028b974ce23306280 |
| SHA1 | bc945acf718dcf9d7a1ce32b7b16273b88e5c2c0 |
| SHA256 | 93c8f0a644423d12acc510708f24c2a3237c6ea6fb25c1ba8acd906a0dc9a102 |
| SHA512 | 75d69aa060b70090125fccf04aa39f358096b915f8d5a004a5615b1c27e03d29897603fcd171eb5ac8382f65c22a8e4aa2d58f03828fec54075f9720d6f51d8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f319040c844c4b60b6af41f0a5d4233 |
| SHA1 | 4a8ccaddbc80788314773d48eeb758c505233b1e |
| SHA256 | caf70b3a37d4ca2597a2b131a004e7df964e77682e686e510c507efcec4c9939 |
| SHA512 | 87d616b56e4e07ed46a8a16ac7616018770d7f25e06e043e09f9e1412b26e740d8a86b5209d7e72a83343545b192c71508c485d121fc9235fed2ec11d7323c1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fdc0f7a8cfbf36b77ba5162750400ad |
| SHA1 | ec98f28110a2baa6d8e6de51fab8c0ee3a59b95c |
| SHA256 | 84658407455b13a663b106c8defca36f09be9284a50eae100cc43325bec5a8f6 |
| SHA512 | c6a8a3484139e7c6d0a24f6bdaa04064ce745e5967321816f95fff9bfc4f94d31e3a3e39325f0daa66e753e3d25a4f3d340cd4a5705397cb5362cbf58e364fb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c70c7c4b916a3cee613e6ba4622a5289 |
| SHA1 | 1b9a435fcc67914aae533a50164deff7a4333fa8 |
| SHA256 | bcde86be5931feda05ad11acb3379a139999eaf5a79de41c613e46c999da6677 |
| SHA512 | 57aec378b2e05a93e6b21bf7330174c13426f86297f5da2ab68541c18fa1b5aa8e2f7a97f1db53a6353d03c636f821a19edf6fe1d1188faa995e51a68321bf3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36be1bfd91a1ae6610266da3f21729bc |
| SHA1 | 2db83f4853a52d736f660b39f22bb923f8e27092 |
| SHA256 | a2d5ca57354c2172fbde884ac48d51a57e95519420f32b66967f1ff642723fc6 |
| SHA512 | 9c001cc886e0f865ff86a7cab8c0562cb61802cb4bf345bc66cac89763e109f6f9b14bc45c74416c0e255719bc1e83e081939894efec00ef989c55299aaf2d26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f79f85cf444b9c2a386e60980941a33 |
| SHA1 | 31097bff2fdbfbdbd9514a11fcd36d0f88171a06 |
| SHA256 | d01d0cf62a3e0e83964614ac1509d37e789e10ecd999357ef09f7dce42ce4874 |
| SHA512 | 102ff3b9b22dfc797cd201cd6494edb7d4f3c03e90117c1dcd06997a084ab02af322a1113ad2e3b8e48dd1a551c69e84459afebd6809c79eca65c892cc5d37f1 |